| Index: chrome/browser/ssl/ssl_error_handler.cc
|
| diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
|
| index 594a68357e021e497a456f2e572acbcb7c939b1a..60cd2ae3aaed6d382b0ab258e59591b22178395d 100644
|
| --- a/chrome/browser/ssl/ssl_error_handler.cc
|
| +++ b/chrome/browser/ssl/ssl_error_handler.cc
|
| @@ -11,6 +11,7 @@
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/browser/ssl/ssl_blocking_page.h"
|
| #include "chrome/browser/ssl/ssl_cert_reporter.h"
|
| +#include "chrome/browser/ssl/ssl_error_classification.h"
|
| #include "content/public/browser/notification_service.h"
|
| #include "content/public/browser/notification_source.h"
|
| #include "content/public/browser/web_contents.h"
|
| @@ -39,6 +40,8 @@ enum SSLErrorHandlerEvent {
|
| SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE,
|
| SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE,
|
| SHOW_SSL_INTERSTITIAL_OVERRIDABLE,
|
| + SHOW_COMMON_NAME_MISMATCH_INTERSTITIAL_NONOVERRIDABLE,
|
| + SHOW_COMMON_NAME_MISMATCH_INTERSTITIAL_OVERRIDABLE,
|
| SSL_ERROR_HANDLER_EVENT_COUNT
|
| };
|
|
|
| @@ -48,10 +51,10 @@ void RecordUMA(SSLErrorHandlerEvent event) {
|
| SSL_ERROR_HANDLER_EVENT_COUNT);
|
| }
|
|
|
| -#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| // The delay before displaying the SSL interstitial for cert errors.
|
| -// - If a "captive portal detected" result arrives in this many seconds,
|
| -// a captive portal interstitial is displayed.
|
| +// - If a "captive portal detected" or "suggested URL valid" result
|
| +// arrives in this many seconds, then a captive portal interstitial
|
| +// or a common name mismatch interstitial is displayed.
|
| // - Otherwise, an SSL interstitial is displayed.
|
| const int kDefaultInterstitialDisplayDelayInSeconds = 2;
|
|
|
| @@ -74,6 +77,7 @@ base::TimeDelta GetInterstitialDisplayDelay(
|
| return base::TimeDelta();
|
| }
|
|
|
| +#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| bool IsCaptivePortalInterstitialEnabled() {
|
| return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
|
| "Enabled";
|
| @@ -92,13 +96,6 @@ void SSLErrorHandler::HandleSSLError(
|
| int options_mask,
|
| scoped_ptr<SSLCertReporter> ssl_cert_reporter,
|
| const base::Callback<void(bool)>& callback) {
|
| -#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| - CaptivePortalTabHelper* captive_portal_tab_helper =
|
| - CaptivePortalTabHelper::FromWebContents(web_contents);
|
| - if (captive_portal_tab_helper) {
|
| - captive_portal_tab_helper->OnSSLCertError(ssl_info);
|
| - }
|
| -#endif
|
| DCHECK(!FromWebContents(web_contents));
|
| web_contents->SetUserData(
|
| UserDataKey(),
|
| @@ -137,15 +134,8 @@ SSLErrorHandler::SSLErrorHandler(content::WebContents* web_contents,
|
| request_url_(request_url),
|
| options_mask_(options_mask),
|
| callback_(callback),
|
| - ssl_cert_reporter_(ssl_cert_reporter.Pass()) {
|
| -#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| - Profile* profile = Profile::FromBrowserContext(
|
| - web_contents->GetBrowserContext());
|
| - registrar_.Add(this,
|
| - chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
|
| - content::Source<Profile>(profile));
|
| -#endif
|
| -}
|
| + profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),
|
| + ssl_cert_reporter_(ssl_cert_reporter.Pass()) {}
|
|
|
| SSLErrorHandler::~SSLErrorHandler() {
|
| }
|
| @@ -153,7 +143,46 @@ SSLErrorHandler::~SSLErrorHandler() {
|
| void SSLErrorHandler::StartHandlingError() {
|
| RecordUMA(HANDLE_ALL);
|
|
|
| + std::vector<std::string> dns_names;
|
| + ssl_info_.cert->GetDNSNames(&dns_names);
|
| + DCHECK(!dns_names.empty());
|
| + GURL suggested_url;
|
| + if (ssl_info_.cert_status == net::CERT_STATUS_COMMON_NAME_INVALID &&
|
| + GetSuggestedUrl(dns_names, &suggested_url)) {
|
| + net::CertStatus extra_cert_errors =
|
| + ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID;
|
| +
|
| + // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
|
| + // the only error. Need not check for captive portal in this case.
|
| + // (See the comment below).
|
| + if (net::IsCertStatusError(extra_cert_errors) &&
|
| + !net::IsCertStatusMinorError(ssl_info_.cert_status)) {
|
| + ShowSSLInterstitial();
|
| + return;
|
| + }
|
| + CheckSuggestedUrl(suggested_url);
|
| + timer_.Start(FROM_HERE,
|
| + GetInterstitialDisplayDelay(g_interstitial_delay_type), this,
|
| + &SSLErrorHandler::OnTimerExpired);
|
| + if (g_timer_started_callback)
|
| + g_timer_started_callback->Run(web_contents_);
|
| +
|
| + // Do not check for a captive portal in this case, because a captive
|
| + // portal most likely cannot serve a valid certificate which passes the
|
| + // similarity check.
|
| + return;
|
| + }
|
| +
|
| #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| + CaptivePortalTabHelper* captive_portal_tab_helper =
|
| + CaptivePortalTabHelper::FromWebContents(web_contents_);
|
| + if (captive_portal_tab_helper) {
|
| + captive_portal_tab_helper->OnSSLCertError(ssl_info_);
|
| + }
|
| +
|
| + registrar_.Add(this, chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
|
| + content::Source<Profile>(profile_));
|
| +
|
| if (IsCaptivePortalInterstitialEnabled()) {
|
| CheckForCaptivePortal();
|
| timer_.Start(FROM_HERE,
|
| @@ -172,12 +201,34 @@ void SSLErrorHandler::OnTimerExpired() {
|
| ShowSSLInterstitial();
|
| }
|
|
|
| +bool SSLErrorHandler::GetSuggestedUrl(const std::vector<std::string>& dns_names,
|
| + GURL* suggested_url) const {
|
| + return CommonNameMismatchHandler::GetSuggestedUrl(request_url_, dns_names,
|
| + suggested_url);
|
| +}
|
| +
|
| +void SSLErrorHandler::CheckSuggestedUrl(const GURL& suggested_url) {
|
| + scoped_refptr<net::URLRequestContextGetter> request_context(
|
| + profile_->GetRequestContext());
|
| + common_name_mismatch_handler_.reset(
|
| + new CommonNameMismatchHandler(request_url_, request_context));
|
| +
|
| + common_name_mismatch_handler_->CheckSuggestedUrl(
|
| + suggested_url,
|
| + base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
|
| + base::Unretained(this)));
|
| +}
|
| +
|
| +void SSLErrorHandler::NavigateToSuggestedURL(const GURL& suggested_url) {
|
| + content::NavigationController::LoadURLParams load_params(suggested_url);
|
| + load_params.transition_type = ui::PAGE_TRANSITION_TYPED;
|
| + web_contents()->GetController().LoadURLWithParams(load_params);
|
| +}
|
| +
|
| void SSLErrorHandler::CheckForCaptivePortal() {
|
| #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| - Profile* profile = Profile::FromBrowserContext(
|
| - web_contents_->GetBrowserContext());
|
| CaptivePortalService* captive_portal_service =
|
| - CaptivePortalServiceFactory::GetForProfile(profile);
|
| + CaptivePortalServiceFactory::GetForProfile(profile_);
|
| captive_portal_service->DetectCaptivePortal();
|
| #else
|
| NOTREACHED();
|
| @@ -187,9 +238,7 @@ void SSLErrorHandler::CheckForCaptivePortal() {
|
| void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
|
| #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| // Show captive portal blocking page. The interstitial owns the blocking page.
|
| - const Profile* const profile =
|
| - Profile::FromBrowserContext(web_contents_->GetBrowserContext());
|
| - RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
|
| + RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
|
| ? SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE
|
| : SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE);
|
| (new CaptivePortalBlockingPage(web_contents_, request_url_, landing_url,
|
| @@ -205,14 +254,14 @@ void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
|
|
|
| void SSLErrorHandler::ShowSSLInterstitial() {
|
| // Show SSL blocking page. The interstitial owns the blocking page.
|
| - const Profile* const profile =
|
| - Profile::FromBrowserContext(web_contents_->GetBrowserContext());
|
| - RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
|
| + RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
|
| ? SHOW_SSL_INTERSTITIAL_OVERRIDABLE
|
| : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
|
| +
|
| (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
|
| options_mask_, base::Time::NowFromSystemTime(),
|
| - ssl_cert_reporter_.Pass(), callback_))->Show();
|
| + ssl_cert_reporter_.Pass(), callback_))
|
| + ->Show();
|
| // Once an interstitial is displayed, no need to keep the handler around.
|
| // This is the equivalent of "delete this".
|
| web_contents_->RemoveUserData(UserDataKey());
|
| @@ -255,5 +304,21 @@ void SSLErrorHandler::DeleteSSLErrorHandler() {
|
| if (!callback_.is_null()) {
|
| base::ResetAndReturn(&callback_).Run(false);
|
| }
|
| + if (common_name_mismatch_handler_) {
|
| + common_name_mismatch_handler_->Cancel();
|
| + common_name_mismatch_handler_.reset();
|
| + }
|
| web_contents_->RemoveUserData(UserDataKey());
|
| }
|
| +
|
| +void SSLErrorHandler::CommonNameMismatchHandlerCallback(
|
| + const CommonNameMismatchHandler::SuggestedUrlCheckResult& result,
|
| + const GURL& suggested_url) {
|
| + timer_.Stop();
|
| + if (result == CommonNameMismatchHandler::SuggestedUrlCheckResult::
|
| + SUGGESTED_URL_AVAILABLE) {
|
| + NavigateToSuggestedURL(suggested_url);
|
| + } else {
|
| + ShowSSLInterstitial();
|
| + }
|
| +}
|
|
|
Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master